Ethereal-dev: Re: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Fri, 8 Dec 2000 00:38:39 -0800
On Thu, Dec 07, 2000 at 11:39:58PM -0800, Guy Harris wrote:
> Or, as per my other mail, perhaps using, on Windows, a version of the
> standard I/O library that does bigger writes, hence fewer system calls.

Nope.  According to "strace for NT":

	http://www.securiteam.com/tools/Strace_for_NT_-_low_level_system_calls_tracer.html

and the Windows(R) NT(R)/2000 Native API Reference:

	http://www.newriders.com/books/title.cfm?isbn=1578701996

it's doing 4K writes in the underlying NT system call "NtWriteFile()".

I suspect that running the test on FreeBSD 4.x and tweaking libpcap to
use a 512KB buffer might make a big difference here.

At this point, we might want to limit followups to one or more of:

	tcpdump-workers@xxxxxxxxxxx - for discussing changes to libpcap
	to allow the buffer size to be set from an application and/or
	changing the size it initially tries on BSD (the current version
	in CVS starts at 32768 and keeps dividing that in half until it
	finds something that works);

	freebsd-hackers@xxxxxxxxxxx, tech@xxxxxxxxxxx - for discussing
	changes to allow the buffer size to be changed with BIOCSBLEN
	even if the BPF device is attached to an interface.

(Both FreeBSD and OpenBSD have the maximum buffer size for BPF as 512KB
in the top of the CVS tree; NetBSD still has it as 32K.)
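
The buffer-size search described in the message (start at some size and keep halving until something works), as an added C example that is not from the message or from libpcap. `fake_bpf`, its fields and every function name are hypothetical; the model assumes a size request is clamped to the kernel maximum, is refused once the device is attached to an interface, and that attaching fails with ENOBUFS when the buffer cannot be allocated.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for a BPF device; not a real kernel interface. */
struct fake_bpf {
    unsigned max_blen;  /* kernel cap on the buffer size (32K or 512K) */
    unsigned alloc_ok;  /* largest buffer the attach step can allocate */
    unsigned blen;      /* size currently requested */
    int attached;       /* nonzero once bound to an interface */
};

/* Models BIOCSBLEN: refused once attached, otherwise clamped to the cap. */
static int fake_set_blen(struct fake_bpf *d, unsigned *v)
{
    if (d->attached) { errno = EINVAL; return -1; }
    if (*v > d->max_blen) *v = d->max_blen;
    d->blen = *v;
    return 0;
}
/* Models binding to an interface: fails if the buffer can't be allocated. */
static int fake_attach(struct fake_bpf *d)
{
    if (d->blen > d->alloc_ok) { errno = ENOBUFS; return -1; }
    d->attached = 1;
    return 0;
}

/* Start at `start` and halve until a size works; returns that size or 0. */
unsigned negotiate_blen(struct fake_bpf *d, unsigned start)
{
    for (unsigned v = start; v != 0; v >>= 1) {
        unsigned want = v;
        if (fake_set_blen(d, &want) < 0) return 0; /* too late: attached */
        if (fake_attach(d) == 0) return want;      /* this size worked */
        if (errno != ENOBUFS) return 0;            /* unrelated failure */
    }
    return 0;
}
unsigned run_case(unsigned max_blen, unsigned alloc_ok, unsigned start)
{
    struct fake_bpf d = { max_blen, alloc_ok, 0, 0 };
    return negotiate_blen(&d, start);
}

int main(void)
{
    printf("start 32768 -> %u\n", run_case(524288, 524288, 32768));
    printf("start 524288 -> %u\n", run_case(524288, 100000, 524288));
    return 0;
}
```

In this model a search that starts at 32768 ends at 32768 even when the kernel cap is 512KB, so the starting value is what decides the buffer size.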